Is IT Outsourcing Still In?

High-profile problems and emerging technologies are changing attitudes about the would-be savior of enterprise IT.

In 2003, Mark Warner had a problem. As Virginia's then-governor, he badly wanted to use information technology to improve how the state operated, but had little data about what was being spent on automation and whether IT investments were paying off. At the time, the commonwealth's IT operations were decentralized and uncoordinated. Warner, who made a fortune in the telecom business prior to becoming governor, knew the state's agencies could, with IT, do a better job while probably spending less.

Two years, several studies and one major reorganization later, Virginia signed a 10-year, $2.3 billion deal with Northrop Grumman to take over the state's entire IT operation. The agreement's scope was as breathtaking as its price tag. Northrop agreed to and delivered on its promised investment. It refreshed more than 42,000 desktop, laptop and tablet PCs; moved 1,700 agencies sites to a new, centrally managed network; built two new data centers, bringing jobs to hundreds; and migrated more than 60,000 users to a centralized help desk.

But not all was going to plan. Complaints piled up about delays on certain initiatives, poor performance and disruptions in service. And the much-vaunted savings that outsourcing was supposed to produce--as much as $100 million annually--hadn't materialized. The situation became so untenable that in June 2009, Lemuel Stewart, the state's chief information officer (CIO), withheld a $14-million payment to Northrop, only to lose his job shortly thereafter. In October, the state released an audit that was highly critical of the partnership--and of Northrop in particular.

RELATED

Yet the problems weren't as cut and dried as they appeared in the report. Timothy Kaine, who succeeded Warner as governor, faulted state agencies, not Northrop, regarding missed deadlines. In particular, he singled out the Virginia Information Technologies Agency, which oversaw the contract, for having a poor organizational model. The state legislature also pointed to serious problems with the governance structure used to oversee the partnership.

Nearly 1,500 miles to the southwest, a similar story was unfolding in Texas. The state's seven-year, $863 million outsourcing deal with IBM had become so unwieldy that in October 2008, Gov. Rick Perry ordered a halt to the project so a thorough assessment of the problems could be completed. The work halt was in response to IBM's apparent failure to back up data for more than 20 agencies, including the temporary loss of eight months worth of data from the Office of the Attorney General.

As happened in Virginia, the agency tasked with overseeing the contract, the Texas Department of Information Resources (DIR), withheld $900,000 in payment to IBM until the back-up situation was remedied. IBM acknowledged the delays, but a 2009 Texas State Auditor's report criticized the DIR for failing to adequately oversee and verify IBM's performance. A study to find the root of Texas' problems, commissioned by the DIR and completed by outsourcing consultancy EquaTerra, found that governance provisions spelled out in the IBM contract were ineffective and inappropriate for keeping the massive outsourcing deal on track.

Despite all the difficulties they encountered, Texas and Virginia are pressing on, as the projects have grown so large it would be catastrophic if they failed. And while most believe both states eventually will find their way out of the woods, the troubled projects have exposed a fault line in government IT governance, one that must be addressed quickly if outsourcing is to have a future in state and local government.

There's a lot that can go wrong in a huge government IT outsourcing deal--too much, according to many critics and experts who track these partnerships. Even those at the helm of IT outsourcing efforts seen as paradigms for other agencies to emulate agree that traditional outsourcing arrangements may be on the way out. Key among the reasons these mega-projects are trouble is the weak governance used to oversee such projects, and lack of focus on the actual goal for outsourcing IT.

Lynn Willenbring, CIO of Minneapolis, says many problems encountered when organizations try IT outsourcing stem from the fact that those in charge were looking specifically to save money instead of increasing the overall organizational effectiveness. In other words, short-term gains were valued over long-term productivity improvements.

Willenbring speaks from experience. In 2003, Minneapolis began an outsourcing initiative with Unisys to streamline its organization and save resources. Early troubles persisted, which Willenbring pinned on a nonexistent governance structure and internal deficiencies. To correct its course, Minneapolis brought on an IT consultancy firm, which found that the city could achieve significant improvements by instituting a best-practices governance model.

In fact, the city shaved $1 million off annual expenses and realized $18 million in savings. Minneapolis and Unisys renewed their contract in 2007, which now includes data center services, program management, service desk, end-user services, network management, disaster recovery, 911 systems and the city's security camera network.

Willenbring's key recommendation for improving the chances for success is to align objectives with the appropriate sourcing model. In other words, don't say, "Oh we're going to outsource and we'll save money," she says. "When we looked at [outsourcing], we were looking at it not as a cost-savings measure, but as a way to shift away from some of the work that was keeping us from doing what we really thought we should in our IT department."

However, even a better focus on outsourcing objectives won't overcome the No. 1 problem for outsourcing failures: "I think the biggest gap that I see in other outsourcing arrangements is a lack of governance," Willenbring says. "We went into our first arrangement with no governance as well. We got lucky; others haven't."

While the idea of establishing a governance structure sounds straightforward, actually doing it isn't. Time, money, legislators, the citizenry and private-sector partners all can often and inadvertently conspire against attempts to establish solid governance.

Sometimes it takes time, a lawsuit and a renegotiated contract to get to the root of the problem. Michael Moore, a one-time CIO for San Diego County and now an executive with EquaTerra, knows well the importance of good governance when it comes to IT outsourcing.

In 2002, Moore became CIO for San Diego County, which had been outsourcing its IT operations since 1999, first with Computer Sciences Corp. (CSC). Problems with the outsourcing arrangement took the county and CSC to court. The legal battle exposed the fact that both the county and CSC failed to value and include the agencies in the decision-making process.

Though the dispute was eventually settled outside of court, the experience served as a useful learning opportunity for San Diego County officials when they rebid the contract after the deal with CSC expired. The goals and requirements of the original CSC contract were far too broad, and service-level agreements were unrealistic. In addition, county employees were asked to manage pieces of the contract that they had no experience managing. In 2007, Northrop Grumman won the bid to run the county's IT operations, marking the start of a new phase in the county's long journey with outsourcing.

The struggle that Moore went through led him to value the importance of governance when it comes to outsourcing. "Who gets to make decisions is what governance is about, and all of those decisions become very visible when you're outsourcing," he says. "But how you make those decisions wasn't given a lot of thought on the front end, and they didn't have time to go get consensus with every one of the 50 departments, so they made a decision for the enterprise."

The initial outsourcing problems taught county officials to ensure departments and agencies were intimately involved in IT decisions. The county spent months talking with IT chiefs from individual departments, eventually hammering out a set of decision-making rules. Now, the 11-year-old San Diego county outsourcing arrangement includes three formal groups designed to keep county managers, business groups and technology leaders on the same page: an IT Management Committee that includes the CAO, the HR director, and the county's general managers; a Business Process Governance Group that includes the CFO and the county's finance directors; and an IT Governance Group, led by current CIO Harold Tuck and including group IT managers, group finance directors; and the county Technology Office.

That's a direction Texas is moving as well. Under a new CIO, the state is making changes designed to give individual agencies stronger representation in--and more accountability for--its outsourcing initiative. An executive committee of agency leaders now guides business direction for the initiative. Another committee of agency IT leaders, DIR representatives and contractors tackles technology issues. And a handful of working groups focus on specific aspects of the project like service delivery and program management.

Texas officials say the old governance model, which used the DIR to centrally direct the consolidation project, simply didn't fit the state's highly federated government structure. The new approach, dubbed the "owner-operator model" by the state, seeks to push decision-making authority to the lowest level possible for a given issue.

Along with evolving governance models, there's evidence that the shape of outsourcing deals themselves may be shifting. Industry observers say comprehensive outsourcing of enterprise IT functions is being replaced by narrowly targeted arrangements known as hybrids or multisourcing arrangements. Coupled with cloud computing, software as a service and other alternative service-delivery techniques, these new models may deliver efficiency improvements and cost savings that enterprise outsourcing frequently promises but often underdelivers.

"I think the new model is going to have one segment of the population that's going to be moving more and more toward the cloud, which of course is not traditional outsourcing," says William D. Eggers, global director for Deloitte Research's Public Sector Industry. "And then I think we're going to have others that are trying to get a lot of benefits of the private-sector expertise and management and everything, but without necessarily moving everything out in the traditional outsourcing arrangement."

Eggers, who also is co-author of the book If We Can Put a Man on the Moon: Getting Big Things Done in Government, says he sees movement toward hybrid, as well as smaller projects. "We're going to see much more along the lines of cloud computing."

The shift away from large-scale outsourcing to some hybrid form of contracting will happen soon, says Rishi Sood, vice president of research at Gartner. "I think as you move forward in the state and local government marketplace, particularly within the larger tier-one organizations, you're going to see more of a shift away from the whole sourcing strategy and toward the multisourcing strategy."

Multisourcing gives governments the freedom to better assess which operations and applications need to be under their control and which can be more successful when outsourced.

Whatever the model, government IT outsourcing will remain a challenge. States and localities are in a unique but difficult position thanks to numerous and varied stakeholders and, often, no single authority to which a public enterprise must answer. In the private sector, all roads lead to the CEO. In government, the reality is different, which is why outsourcing pieces of the enterprise--usually multiple, alternative methods--is growing in appeal.

"State and local budgets are tight, and agencies look to modernize their major applications," Sood says. "I think you'll see a growing trend toward application outsourcing. So rather than whole sourcing, they'll be taking a look at specific towers again and looking to outsource only a piece of that tower."

IT outsourcing, it seems, is far from dead. Rather, as Moore explained, it's a matter of evolution. What was once clearly defined as shipping IT functions out to some organization to do them better has changed to incorporate new technologies and new strategies that serve the same purpose.

"I think the definition of outsourcing is in flux," Moore says. "I think outsourcing in general is growing. The description and what people are calling it is a bunch of different things."

Regardless of how outsourcing is labeled, to be successful, one constant remains--good governance.

As Willenbring says, "The thing that most signified to me that we had been incredibly successful--and we've won some awards and those are great and [we are] appreciative--but where my success is measured is inside my organization."